Information Security Risk Manager

We are seeking a seasoned Information Security Risk professional to lead enterprise-wide security risk and compliance initiatives for a mid-sized financial institution. This role is responsible for developing and executing strategies that protect sensitive data, ensure regulatory compliance, and strengthen the organization's overall security posture.

The ideal candidate will have a strong background in identity and access management (IAM), data protection, incident response planning, and third-party risk oversight. This position requires a strategic thinker with hands-on experience implementing security frameworks and controls aligned with industry standards such as NIST, ISO 27001, GLBA, and PCI DSS.

Key Responsibilities

• Develop and maintain security policies, standards, and procedures.
• Lead risk assessments and implement safeguards across systems, vendors, and business units.
• Oversee IAM architecture and access control protocols.
• Manage incident response and business continuity planning.
• Conduct vendor risk evaluations and ensure contractual data protection compliance.
• Deliver security awareness training and promote a culture of risk mindfulness.
• Provide regular reporting to senior leadership on threat landscape and risk posture.

Qualifications

• Bachelor's degree in Information Security, Computer Science, or related field (Master's preferred).
• 6+ years of experience in information security or IT risk management.
• Professional certifications such as CISSP, CISM, CRISC, or CISA.
• Strong understanding of regulatory requirements and cybersecurity frameworks.
• Experience with SIEM, DLP, IAM platforms, and vulnerability management tools.
• Excellent communication and leadership skills.